ePrints@IIScePrints@IISc Home | About | Browse | Latest Additions | Advanced Search | Contact | Help

Malware detection and classification using community detection and social network analysis

Reddy, V and Kolli, N and Balakrishnan, N (2021) Malware detection and classification using community detection and social network analysis. In: Journal of Computer Virology and Hacking Techniques .

[img] PDF
jou_com_vir_hac_tec_2021.pdf - Published Version
Restricted to Registered users only

Download (2MB) | Request a copy
Official URL: https://doi.org/10.1007/s11416-021-00387-x


Despite the efforts of antivirus vendors and researchers to overcome the threat of malware and its growth, malware remains a rampant problem causing significant economic and intellectual property loss. Malware developers evade commercial detection tools by introducing minor code changes and obfuscation, leading to the creation of variants of known malware families. The volume of malware variants being introduced is increasing every day, resulting in the need for new methods to detect and classify malware with high scalability in less time. To this end, we propose a novel technique that exploits community detection properties and social network analysis concepts. The proposed method is based on system call graphs obtained by extracting the system calls found in the execution of the malware files. To study the inherent characteristics of different malware families, we extract features conforming to community and social network properties and use them for classification. A set of 5 models ranging from using only OS-level actions, to the model that includes community-level features and social network features have been presented. The highest performance has been shown to arise when community-level features and social network features were used in combination with malware class-level features. A suite of 9 machine learning algorithms have been used, and the results have been compared. Our evaluation results demonstrate that our combined approach outperforms many previously used methods in malware detection and classification, being able to achieve precision, recall, and accuracy of more than 0.97 using Multilayer Perceptron and k-Nearest Neighbors. © 2021, The Author(s), under exclusive licence to Springer-Verlag France SAS, part of Springer Nature.

Item Type: Journal Article
Publication: Journal of Computer Virology and Hacking Techniques
Publisher: Springer-Verlag Italia s.r.l.
Additional Information: The copyright for this article belongs to Springer-Verlag Italia s.r.l.
Keywords: Computer viruses; Learning algorithms; Multilayer neural networks; Nearest neighbor search; Population dynamics, Commercial detections; Community detection; Evaluation results; High scalabilities; Inherent characteristics; K-nearest neighbors; Malware detection; Social network properties, Machine learning
Department/Centre: Division of Interdisciplinary Sciences > Supercomputer Education & Research Centre
Date Deposited: 05 Aug 2021 06:20
Last Modified: 05 Aug 2021 06:20
URI: http://eprints.iisc.ac.in/id/eprint/69066

Actions (login required)

View Item View Item